Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.

Abstract: An invention is afforded for providing security for a protected network resource. The system includes a network access apparatus in communication with a receiver that receives signals from a remote source. The network access apparatus is capable of collecting current microprint data for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, forty-five seconds. The system also includes an authentication computer in communication with the network access apparatus. The authentication computer has access to an LSDF for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, a twenty-four hour period of time.

Abstract: An Operations, Administration, and Maintenance (OA&M) 16 provides security for managed resources on a wireless client device 10 at many levels of granularity, from the entire device, to subsystems, to software and hardware components, services and applications, down to individual attributes.

Abstract: A node device provides secure communication services over a data network, such as the Internet or another public or private packet switched network, to multiple computers that are coupled through the node device and multiple other node devices. The node device includes a network communication interface for coupling the node device to the data network. The node device includes a data storage containing cryptographic information including information that is unique to the node device. The node device also includes a tunneling communication service coupled to the network interface configured to maintaining an encrypted communication tunnel with each of multiple other node devices using the cryptographic information. For example, the encrypted communication tunnels are implemented using the IPsec or PPTP protocols. The node device includes a routing database for holding routing data and a router coupled to the tunneling communication service and to the routing database.

Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.

Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.

Abstract: A system for securing an electronic communication comprises a gateway server configured to receive and store a device identifier and a network address from a first computing device. The device identifier identifies the first computing device, and the network address is associated with the first computing device. Thereafter, the gateway server receives from a second computing device the network address of the first computing device and an encryption key request. The gateway server derives from the device identifier for the first computing device an encryption key and sends the encryption key to the second computing device. A communication from the second computing device to the first computing device may thereafter be secured using the encryption key. A related method of securing an electronic communication is also disclosed.

Abstract: There is provided a program for making a computer perform a first procedure for verifying whether an platform guaranteeing that device identification data for identifying a communication device cannot be rewritten by the user is provided in the communication device, a second procedure for verifying whether the device identification data included in a registration request received from the communication device is not yet registered, and a third procedure for registering the device identification data included in the registration request and issuing user identification data to the user when the program determines in the first procedure that the platform is provided and determines in the second procedure that the device identification data is not yet registered.

Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.

Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.

Abstract: Access to digital data is controlled by encrypting the data in such a manner that it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key.

Abstract: An authentication apparatus performs local and global corrections on image data. Local correction uses the shape of a local line indicated by line information contained in a neighboring region on image data whose feature value extracted from the shape of a line is used for authentication. Global correction uses the shape of a global line indicated by line information contained in a region larger than the neighboring region. The authentication apparatus calculates the difference between line information contained in image data corrected by local correction and line information contained in image data corrected by global correction and compares the difference with a threshold. If the difference is less than the threshold, the authentication apparatus outputs, as line information contained in image data, line information corrected by local correction and, if the difference is greater, it outputs, as line information contained in image data, line information corrected by global correction.

Abstract: An invention is provided for monitoring an item, such as a container. The invention includes a computer in communication with a receiver that receives signals from a remote source. A transmitter in communication with the computer receives values from the computer based on the signals received from the remote source. These values are then transmitted to a security device associated with the item, which includes an authentication table comprising a plurality of initial values. The security device then records values transmitted from the transmitter. The values can be jitter values, with each jitter value being a difference in arrival times of at least two timing signals from the same remote source.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: An object of the present invention is to provide a mechanism for tamper detection of electronic devices (110) in closed units which is robust and low cost. The object is achieved by a method in an electronic device (110) for detecting if a cover (100) enclosing the electronic device (110) has been opened. The cover (100) comprises an enclosing assembly (250) which is adapted to fasten the cover (100) into a closed position. The electronic (device 110) comprises a non volatile memory (120). The non volatile memory (120) comprises a stored reference signature associated to the enclosing assembly (250) when the cover (100) was fastened into a closed position. The method comprises the following steps: (Creating 1003) a signature associated to the enclosing assembly (250). Comparing (1004) the created signature with the reference signature. Detecting (1007) that the cover 100 has been opened when the comparing (1004) results in a difference.

Abstract: Systems and methods for deploying agents for a management system across IT infrastructure in an automated fashion are disclosed herein. Embodiments of the present invention allow agents to be substantially automatically deployed or configured in conjunction with previously unknown or newly added application components. More specifically, embodiments of the present invention may track traffic associated with application components to identify unknown application components. Agents may then be deployed to monitor these newly identified application components.

Abstract: A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled.

Abstract: Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.

Abstract: A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual world (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed.

Abstract: In one embodiment, the present invention is a method for providing a secure remote configuration. The method includes obtaining a signed configuration file (S-CF) from a storage using a device identity of the device, wherein the device identity of the device is linked with a location of the device. A validated configuration file (V-CF) is then generated using the S-CF. At least one device parameter is then configured using the V-CF. In another embodiment, the present invention is a method for providing a signed configuration file (S-CF) to the device. The method includes processing a request for an S-CF from the device, wherein the request comprises a device identity of the device. A location of the device is then determined using a location database and the device identity of the device. A configuration file (CF) for the location of the device is then obtained from a storage. An S-CF is then generated using the CF. The S-CF is then provided to the device.

Abstract: A data encryption and decryption system securely geoencrypts data using location-dependent navigation signals. To increase the entropy of the cryptographic key to guard against a brute-force attack, geoencryption is made to depend on largely time-independent characteristics of the navigation signals that are not easily spoofed, including the time difference of arrival, the envelope-to-cycle difference, the differential signal-to-noise, the signal envelope shape, and the directions of arrival of the navigation signal set.

Abstract: Systems and methods for detecting unauthorized use of a user equipment device are provided. An instruction is transmitted, using communications circuitry of a handheld device, to the user equipment device directing the user equipment device to display a unique identifier associated with the user equipment simultaneously with media content. An image of the media content and unique identifier simultaneously displayed on a display screen coupled to the user equipment device is captured using camera equipment of the handheld device. The image is automatically processed with the handheld device to extract the unique identifier from the image. The extracted unique identifier is cross-referenced, using the handheld device, with user account information associated with the user equipment device to determine whether use of the user equipment device is unauthorized.

Abstract: Enhanced security is provided in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In one aspect of the invention, a first command is transmitted from the reader to write a first data unit to a memory of given one of the RFID devices. A reply is received in the reader from the given RFID device indicating that a second data unit determined based on contents of the first data unit is available in the memory to be accessed by the reader. A second command is transmitted from the reader to the given RFID device to allow the reader to read the memory to thereby obtain the second data unit. The first and second data units comprise information exchanged as part of a cryptographic protocol carried out between the reader and the given RFID device. In an illustrative embodiment, the cryptographic protocol may comprise a challenge-response authentication protocol.

Abstract: A system for and method of registering devices an applications with cryptographic modules is presented. The system and method prevent devices and applications from operating in conjunction with cryptographic modules unless such devices and applications have previously been registered with the module.

Abstract: Computer implemented methods, apparatus, and computer-readable media for detecting suspected spam in e-mail (24) originating from a sending computer (21). A method embodiment comprises the steps of determining (11) the actual IP address (23) of the sending computer (21); converting (12) the actual IP address (23) into geo-location data; and, using the geo-location data, ascertaining (13) whether the e-mail (24) contains suspected spam.

Abstract: One or more rights objects (RO) files may be used for storing RO's preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified.

Abstract: In one aspect, a method of mutual certificate authentication between a first device and a second device based on location is described. This embodiment of a method comprises receiving a request from a first device, wherein the request comprises a location of the first device; registering a first public key for the first device in response to the request, wherein the registration associates the first device with the first public key; determining at least one second device that can be accessed by the first device based upon a location of the second device relative to the location of the first device; registering a second public key for the second device, wherein the registration associates the second device with the second public key; sending the second public key to the first device; sending the first public key to the second device; and mutually authenticating the first device to the second device when the first device and the second device are connected.

Abstract: A cryptographic system (500) that includes a data stream receiving device (502) configured for receiving a modified data stream representing data entries encrypted using a chaotic sequence of digits. The system also includes user processing device (503, 505) configured for receiving user access information specifying an initial value for the chaotic sequence of digits and data field location information associated with selected ones of the data entries. The system further includes a synchronized pair of chaotic sequence generators (300) coupled to the user processing devices configured for generating encryption and decryption sequences based on the initial value and the data field location information. The system additionally includes an encryption device (504) and a decryption device (506) coupled to the chaotic sequence generators and the data stream receiving device, the decrypter configured for generating an output data stream from the modified data stream by applying the decryption sequences.

Abstract: The verification system of this invention comprises an image forming apparatus 1 having verification function and a card reader 2 for reading a user ID from a card. The image forming apparatus 1 is capable of performing short-range radio communication with a portable instrument 3. The portable instrument 3 receives a polling command transmitted by the image forming apparatus 1 and sends back its own identification code if it is located near the image forming apparatus 1. The image forming apparatus 1 permits usage of all the functions thereof if it verifies that user is an officially permitted person according to user ID read by the card reader 2 and the identification code sent back from the portable instrument 3. Consequently, there is provided a verification system having a high security level and convenient for use or a verification system which permits usage of its apparatus and other related devices within an appropriate range depending on the security level of a verified method.

Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.

Abstract: A security zone key is used to secure data traffic/control messages in a multi-hop wireless relay network. In one embodiment, the security zone key is generated by a base station and passed to relay stations and optionally mobile stations that are to be associated with the security zone. A given base station may implement multiple security zones on the wireless network. The members in each zone share a unique group security association. One or more connections may be assigned to a particular security zone. Data traffic/control messages directed to relay stations in a security zone are processed using the security zone key to enable all relay nodes within the security zone to verify the authenticity of the management message and optionally decode the messages.

Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.

Abstract: In a geo-security system, a device receives RF signals from multiple distinct classes of RF communication systems and extracts location-dependent signal parameters. A current geotag is computed from the parameters by fuzzy extractors involving quantization of the parameters and Reed-Solomon decoding to provide a reproducible unique geotag. The current geotag is compared with a stored geotag, and a geo-secured function of the device is executed based on the result of the comparison. The use of multiple signal sources of different types, combined with special fuzzy extractors provides a robust geotag that allows both lower false rejection rate and lower false acceptance rate.

Abstract: A method for secure access and communication of information in a distributed media network is disclosed and includes detecting, at a first geographic location, when a media peripheral is communicatively coupled to at least one computing device at the first geographic location within the distributed media network. The media peripheral may be validated for use at the first geographic location using at least one identifier. The at least one identifier may be associated with the media peripheral. The at least one identifier may be used to facilitate communication by and/or to the media peripheral over the distributed media network. The at least one identifier associated with the media peripheral and at least one identifier of a user may be requested utilizing the media peripheral. The at least one identifier associated with the media peripheral is a serial number of the media peripheral.

Abstract: Secure communication of information is effected from a first party to a second party when the first party knows its own global location and the global location of the second party, and employs what essentially is an undiscoverable code signal that is broadcast to, and received by, both the first and the second parties. The first party securely communicates information to the second party by modifying the code signal with the information that is to be communicated and sends the modified code signal to the second party. Illustratively, the code signal is related to the Y component of a GPS signal.

Abstract: A method for managing the functionality of a user device is provided that includes storing security information for a secure zone in a user device. The security information for the secure zone includes at least one peripheral associated with the secure zone. Based on the security information for the secure zone, the at least one peripheral associated with the secure zone is automatically disabled when the user device enters the secure zone.

Abstract: A mobile terminal device, a wireless communication unit, a wireless communication system, and a wireless communication method by which 1:N communication can be realized at low power consumption and a CH occupation time can be shortened. After each terminal transmits an authorization request, it performs a carrier sense with the pattern corresponding to the transmission timing and waits for authorization response from a key unit (200). The key unit (200) transmits the authorization response at the timing when the carrier sense timings of a plurality of terminals which are authenticated in response to the authorization request from the terminal are coincident with each other. Accordingly, the key unit (200) performs transmission only to the authenticated terminals at one time, and 1:N communication can be realized at low power consumption.

Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.

Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.

Abstract: A data integrity system including a transmitter, having a TX pseudorandom function generator, a TX switching function having a transmitting option and a TX combiner operative to receive, from a Host, an initialization data entity including at least one word, [TA1], in an initialization phase, to receive, during normal operation, two data entities of interest each including at least one data word of interest [TA2] and [TA3] respectively; to receive a first data entity including at least one word [TC1] comprising a randomized data entry, from the TX pseudorandom function generator, to generate a first XOR sum of the initialization data entity's word [TA1] and the at least one randomized data entity [TC1], in at least one iteration of an initialization phase; and, during normal operation, to generate and to output a second XOR sum [TA2?TC2=TB2] and a third XOR sum [TA3?TC3=TB3], wherein TB2 and TB3 are randomized data entities, wherein the words TA1, TA2 and TA3 are operative to initialize the data integrity sys

Abstract: A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session-keys derived from device identification numbers and pseudorandom numbers.

Abstract: In an aspect, the invention features a method for mission planning The method includes displaying a graphical representation of a geographical area and displaying a graphical representation of one or more regions within the geographical area. The method also includes accepting a specification of geographical regions from a user, accepting a specification of a set of one or more receivers from the user, and accepting a specification of resource access rights associated with the specific one of the geographical regions from the user. The method also includes remotely causing access to a vehicle's resources to be provided or denied to the specified set of one or more receivers based on their association with the specific one of the geographical regions specified by the user when the vehicle is within the specific one of the geographical regions specified by the user.

Abstract: A method of protecting a broadcast frame, the method comprising broadcasting a beacon and a maintenance beacon frame (MBF) from an access point (AP) to a plurality of terminals during a maintenance beacon waiting period (MBWP); and broadcasting broadcast management frames (BMFs) from the AP to the plurality of terminals during a broadcast management frame waiting period (BMFWP), wherein the MBF comprises a BMFs message integrity code (MIC) field including a BMFs MIC calculated from concatenated BMFs to be sent in a current beacon interval.

Abstract: In one implementation a method of authenticating the installation of a television receiver involves generating a fingerprint value as function of the television network characteristics at an authorized installation location, where the fingerprint is a function of at least one of a gain value of a variable gain amplifier and an equalizer coefficient of an adaptive equalizer of the television appliance; receiving a code that is a function of both a decryption key and the fingerprint value from a broadcast source; ascertaining a value of the decryption key by applying an inverse function to the code that produces the decryption key as an output; and carrying out a decryption process at the television receiver appliance using the decryption key. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Abstract: A system and method for authentication in a wireless mobile communication system are provided, in which a mobile station calculates a CMAC value having a first number of bits, transmits to a base station a ranging request message including a partial CMAC value being a second number of upper bits of the CMAC value having the first number of bits, and receives a ranging response message indicating whether authentication is successful or failed from the base station.

Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. In one embodiment, an authentication server can transmit a unique broadcast identifier to a broadcast system and a local device. The broadcast system can then transmit a broadcast that includes the unique broadcast identifier. Once the local device receives the unique broadcast identifier from the broadcast and the authentication server, it can be authenticated as being in the broadcast area.

Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. In one embodiment, an authentication server can transmit a unique broadcast identifier to a broadcast system and a local device. The broadcast system can then transmit a broadcast that includes the unique broadcast identifier. Once the local device receives the unique broadcast identifier from the broadcast and the authentication server, it can be authenticated as being in the broadcast area.

Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. For example, in one embodiment, a broadcast station can broadcast a first over-the-air broadcast that includes a token. A local device can scan for and identify the token in the first over-the-air broadcast it receives. The local device can then transmit the received token and user registration to an authentication server. The authentication server can use the token and user registration information to create a unique broadcast identifier. The authentication server can then transmit the unique broadcast identifier to the broadcast station and the local device. The broadcast station then broadcasts a second over-the-air broadcast that includes a unique broadcast identifier. Once the local device receives the unique broadcast identifier from the second over-the-air broadcast and the authentication server, it can be authenticated as being in the broadcast area.

Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. For example, in one embodiment, a broadcast station can broadcast a first over-the-air broadcast that includes a token. A local device can scan for and identify the token in the first over-the-air broadcast it receives. The local device can then transmit the received token and user registration to an authentication server. The authentication server can use the token and user registration information to create a unique broadcast identifier. The authentication server can then transmit the unique broadcast identifier to the broadcast station and the local device. The broadcast station then broadcasts a second over-the-air broadcast that includes a unique broadcast identifier. Once the local device receives the unique broadcast identifier from the second over-the-air broadcast and the authentication server, it can be authenticated as being in the broadcast area.

Abstract: Systems, methods, apparatus, and computer program products are provided for authenticating local and remote devices associated with a broadcast area. In one embodiment, an authentication server can transmit a unique broadcast identifier to a broadcast system and a local device. The broadcast system can then transmit a broadcast that includes the unique broadcast identifier. Once the local device receives the unique broadcast identifier from the broadcast and the authentication server, it can be authenticated as being in the broadcast area.